Qualcomm Eudora 6.0.16.1.1 - Attachment LaunchProtect Warning Bypass (2)

Qualcomm Eudora 6.0.16.1.1 - Attachment LaunchProtect Warning Bypass 2 source: https://www.securityfocus.com/bid/9101/info A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions. May...

Qualcomm Eudora 5.x/6.0 - Spoofed Attachment Line Denial of Service

source: https://www.securityfocus.com/bid/9026/info A vulnerability has been reported by Qualcomm that may be exploited by a remote attacker to cause the Eudora e-mail client to crash. It has been reported that a malicious email that contains a spoofed attachment converted line will trigger this...

Qualcomm Eudora 5.x6.0 - Spoofed Attachment Line Denial of Service

Qualcomm Eudora 5.x6.0 - Spoofed Attachment Line Denial of Service source: https://www.securityfocus.com/bid/9026/info A vulnerability has been reported by Qualcomm that may be exploited by a remote attacker to cause the Eudora e-mail client to crash. It has been reported that a malicious email...

Eudora 6.0 attachment spoof, exploit

Eudora 6.0 was released recently; I tested the Windows version only. It still contains several vulnerabilities, the most serious being an execute-any-code bug. It is distressing that the "spoof and steal" bug was pointed out years ago; the execute-any-code bug in 5.2.1 was sent to Qualcomm on 29...

CVE-1999-1263

Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file...

Microsoft Outlook 5.5/2000 - Web Access HTML Attachment Script Execution

source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to prevent filtering of the attachment by...

iPlanet Messaging Server 5.05.1 - HTML Attachment Cross-Site Scripting

iPlanet Messaging Server 5.05.1 - HTML Attachment Cross-Site Scripting source: https://www.securityfocus.com/bid/7704/info It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via...

iPlanet Messaging Server 5.0/5.1 - HTML Attachment Cross-Site Scripting

source: https://www.securityfocus.com/bid/7704/info It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via e-mail. If successfully exploited, a malicious HTML file may be used to...

CVE-2002-1039

Directory traversal vulnerability in Double Choco Latte DCL before 20020706 allows remote attackers to read arbitrary files via .. dot dot sequences when downloading files from the Projects: Attachments feature...

CVE-2001-1373

Vulnerability (CVE-2001-1373) affects Zone Labs ZoneAlarm 2.6 and earlier, and ZoneAlarm Pro 2.6 and 2.4, where the MailSafe component does not block prohibited file types with long file names. Root cause: the filter fails to enforce type/name restrictions for attachments, enabling remote attacke...

Clearswift MAILsweeper protection bypass

If MIME-Version header is missed or binary encoding is used attachments are not recognized...

Qualcomm Eudora 5.0/5.1/6.0 - Long Attachment Filename Denial of Service (2)

source: https://www.securityfocus.com/bid/7026/info Eudora may crash when handling messages which contain attachments with excessively long filenames. This condition reportedly occurs when messages with malformed attachment filenames are stored in the user's mailbox, which could result in a...

CVE-2002-1997

ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension...

PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution

source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that the vulnerable module fails to...

PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution

PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has...

CVE-2002-1210

Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context...

Fresh hole in W3Mail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nth Dimension Security Advisory NDSA20021112 Date: 12th November 2002 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: W3Mail up to and including 1.0.6 http://www.w3mail.org...

Microsoft Internet Explorer 6 - File Attachment Script Execution

source: https://www.securityfocus.com/bid/5450/info An error has been reported in Microsoft Internet Explorer 6, which may allow malicious file attachments to execute arbitrary code in the context of the local system. HTM files are associated with Internet Explorer. It is possible for an attacker...

CVE-2002-0455

IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames...

Qualcomm Eudora 56 - File Attachment Spoofing (2)

Qualcomm Eudora 56 - File Attachment Spoofing 2 source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing...